SecureCode
Secrets vault for Claude Code. Encrypt API keys, tokens and passwords with AES-256. Full audit logs, MCP access rules, and zero-knowledge mode. Secrets never appear in chat.
@securecode/mcp-server
MCP Server for SecureCodeHQ. Lets Claude Code access your secrets securely without ever seeing them.
Quick Start
claude mcp add securecode -- npx -y @securecode/mcp-server
Then tell Claude Code:
Set up SecureCode in this project
The onboard tool walks you through account creation, secret import, and configuration. Takes about 2 minutes.
What It Does
Your secrets (API keys, tokens, passwords) are encrypted with AES-256 and stored in SecureCode. Claude Code accesses them via MCP, but the actual values never appear in the chat.
When Claude reads a secret, the value is written to a local file on your machine. The AI gets the file path but never sees the raw value. This is inject mode, the default.
Tools
| Tool | What it does |
|---|---|
| onboard | Guided setup: signup, import, API key, config, SDK |
| get-secret | Get a secret (injected to file by default, reveal: true to show to AI) |
| list-secrets | List all secrets with tags and expiry status |
| create-secret | Create a new secret |
| update-secret | Update value, description, or tags |
| delete-secret | Delete a secret |
| renew-secret | Renew expired secrets or change TTL |
| import-env | Import .env via secure web window (values never pass through AI) |
| export-env | Export secrets as .env or CSV |
| get-status | Check plan, usage, and MCP server version |
| wake-session | Unlock session with optional scope and auto-sleep timer |
| sleep-session | Lock session and clean injected files |
| session-status | Check session state and time remaining |
| byebye | Lock session + clean all secrets from disk |
| get-active-rules | List active MCP access rules (read-only) |
| security-check | Post-setup security hardening checks |
| help | Docs: tools, SDK, sessions, rules, troubleshooting |
MCP Access Rules
Control how AI agents access your secrets with tag-based policies. Created from the dashboard, enforced server-side.
| Action | Effect |
|---|---|
| Block Always | Secret only accessible from the dashboard |
| Require Confirmation | Agent must acknowledge before accessing |
| Require Session | Requires active session (wake-session) |
| Block Models | Only allows specific AI models |
| Notify | Sends email on access (non-blocking) |
Session Lock
You: "Wake my session for acme staging"
Claude: Session unlocked. Only acme/staging secrets accessible.
You: "byebye"
Claude: Session locked & secrets cleaned from disk.
Sessions auto-sleep after configurable inactivity (default: 2 hours).
How It Works
- Secret values are written to a local file; the AI never sees them (inject mode)
- Explicit reveal: true returns the value to the AI (audited)
- Injected files are removed on sleep, byebye, or process exit
- Multiple Claude Code instances don't collide (hash based on API key + PID)
- Encrypted with AES-256-GCM using envelope encryption (Cloud KMS)
- Every access is logged with AI model, IP, machine identity, and timestamp
- Runs locally via stdio transport; secrets never pass through third parties
- Device approval required on first use from each machine
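The inject-mode behaviour listed above (value written to a local file, per-instance naming from API key + PID, removal on sleep or exit), sketched in Node.js as an added example. This is not SecureCode's own code; the function names, directory prefix, hash truncation and sample values are assumptions.

```javascript
// Added sketch of inject mode; names and values here are assumptions.
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Directory tag = hash(API key + PID), so two instances sharing one key
// on the same machine never read or clobber each other's files.
function instanceDir(apiKey, pid = process.pid) {
  const tag = crypto.createHash('sha256')
    .update(`${apiKey}:${pid}`).digest('hex').slice(0, 16);
  return path.join(os.tmpdir(), `inject-demo-${tag}`);
}

// Write the value to an owner-only file and hand back ONLY its path.
function injectSecret(apiKey, name, value, pid = process.pid) {
  // Reject separators and dots so a name cannot escape the directory.
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error('invalid secret name');
  const dir = instanceDir(apiKey, pid);
  fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
  const file = path.join(dir, name);
  fs.rmSync(file, { force: true });
  // 'wx' fails if the path already exists, so the 0600 mode always applies.
  fs.writeFileSync(file, value, { mode: 0o600, flag: 'wx' });
  return { name, path: file }; // no value field reaches the agent
}

// Equivalent of sleep/byebye: remove everything this instance injected.
function cleanInjected(apiKey, pid = process.pid) {
  fs.rmSync(instanceDir(apiKey, pid), { recursive: true, force: true });
}

// Constructed demo values.
const DEMO_KEY = 'sk_demo_constructed';
const handle = injectSecret(DEMO_KEY, 'DATABASE_URL', 'postgres://user:pw@localhost/app');
console.log(handle); // path only; the connection string is not printed
process.once('exit', () => cleanInjected(DEMO_KEY));
```

When reviewing any tool that works this way, check the file mode, the directory mode, and that cleanup also runs on abnormal termination, since an exit hook does not fire on SIGKILL.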
SDK
The companion SDK lets your app load secrets at runtime:
npm install @securecode/sdk
import { loadEnv } from '@securecode/sdk';
await loadEnv(); // all secrets loaded into process.env
Links
- Website: https://securecodehq.com
- npm: https://www.npmjs.com/package/@securecode/mcp-server
- SDK: https://www.npmjs.com/package/@securecode/sdk
Requirements
- Node.js >= 18
- A SecureCodeHQ account (free tier: 50 secrets, 10K accesses/month)
License
MIT